Chapter 9 Classification And Forwarding

Outline

Packet Demultiplexing An incoming packet must be demultiplexing as it moves from one layer to the next Efficiency and Flexibility Define a header for each individual protocol Choose the exact set of headers needed for a packet You can create a new protocol or to change an existing protocol without affecting other protocols

The Disadvantage Of Demultiplexing Although it provides freedom to define and use arbitrary protocols without introducing transmission overhead, demultiplexing is inefficient because it imposes sequential processing among layers.

Packet Classification Arrange for the receiver to optimize processing by compressing demultiplexing from a sequence of many operations at each layer into an operation at one layer

Example Classification Classify Ethernet frames carrying traffic to Web server Specify exact header contents in rule set Example – Ethernet type field specifies IP – IP type field specifies TCP – TCP destination port specifies Web server Field sizes and values – 2-octet Ethernet type is – 2-octet IP type is 6 – 2-octet TCP destination port is 80

Illustration Of Encapsulated Headers Highlighted fields are used for classification of Web server traffic

Software Implementation Of Classification To classify a packet, a software-based classifier makes at most one comparison for each field specified in the classification rules Compare values in header fields Conceptually a logical and of all field comparisons Example if ( (frame type == 0x0800) && (IP type == 6) && (TCP port == 80) ) declare the packet matches the classification; else declare the packet does not match the classification;

Optimizing Software Classification Comparisons performed sequentially The code can optimized by ordering the tests to ensure that the first test is the least likely to succeed

Example Of Optimizing Software Classification Assume – 95.0% of all frames have frame type – 87.4% of all frames have IP type 6 – 74.3% of all frames have TCP port 80 Reordering tests can optimize processing time if ( (TCP port == 80) && (IP type == 6) && (frame type == 0x0800) ) declare the packet matches the classification; else declare the packet does not match the classification; At each step, test the field that will eliminate the most packets

Note About Optimization Although the maximum number of comparisons in a software classifier is fixed, the average number of comparisons is determined by the order of the tests; minimum comparisons result if, at each step, the classifier tests the field that eliminates the most packets.

Hardware Implementation Of Classification Hardware can operate in parallel The classifier extracts pertinent fields, concatenates the fields into a multi-octet values Compares the resulting value to a constant Steps – Extract needed fields – Concatenate bits – Place result in register – Perform comparison

Illustration Of Hardware Classifier Constant for Web classifier is

Optimized Classification Of Multiple Rule Sets (1/2) Three disjoint flows – Flow 1: traffic destined for Web server – Flow 2: traffic consisting of ICMP echo request packets – Flow 3: all other traffic (default) Web server traffic – 2-octet Ethernet type is – 2-octet IP type is 6 – 2-octet TCP destination port is 80

Optimized Classification Of Multiple Rule Sets (2/2) ICMP echo traffic – 2-octet Ethernet type is – 2-octet IP type is 1 – 1-octet ICMP type is 8 Software Implementation Of Multiple Rules if (frame type != 0x0800) { send frame to flow 3; } else if (IP type == 6 && TCP destination port == 80) { send packet to flow 1; } else if (IP type == 1 && ICMP type == 8) { send packet to flow 2; } else { send frame to flow 3; }

Classification Of Variable-Size Packet Headers Fields not at fixed offsets Easily handled with software Pose a serious challenge for hardware Finite cases can be specified in rules

Example Variable-Size Header: IP Options Rule Set 1 – 2-octet frame type field contains – 1-octet field at the start of the datagram contains 4516 – 1-octet type field in the IP datagram contains 6 – 2-octet field 22 octets from start of the datagram contains 80 Rule Set 2 – 2-octet frame type field contains – 1-octet field at the start of the datagram contains 4616 – 1-octet type field in the IP datagram contains 6 – 2-octet field 26 octets from the start of datagram contains 80

Effect Of Protocol Design On Classification Fixed headers fastest to classify Each variable-size header adds one computation step In worst case, classification no faster than demultiplexing Extreme example: IPv6

Hybrid Classification Combines hardware and software mechanisms – Hardware used for standard cases – Software used for exceptions Note: software classifier can operate at slower rate

Two Basic Types Of Classification Static – Flows specified in rule sets – Header fields and values known a priori Dynamic – Flows created by observing packet stream – Values taken from headers – Allows fine-grain flows – Requires state information

Example Static Classification Allocate one flow per service type One header field used to identify flow – IP TYPE OF SERVICE (TOS) Use DIFFSERV interpretation Note: Ethernet type field also checked

Example Dynamic Classification Allocate flow per TCP connection Header fields used to identify flow – IP source address – IP destination address – TCP source port number – TCP destination port number Note: Ethernet type and IP type fields also checked

Implementation Of Dynamic Classification Usually performed in software State kept in memory State information created/updated at wire speed

Two Conceptual Bindings classification: packet → flow forwarding: flow → packet disposition Classification binding is usually 1-to-1 Forwarding binding can be 1-to-1 or many-to-1

Flow Identification Connection-oriented network – Per-flow SVC can be created on demand – Flow ID equals connection ID Connectionless network – Flow ID used internally – Each flow ID mapped to ( next hop, interface )

Relationship Of Classification And Forwarding In A Connection-Oriented Network In a connection-oriented network, flow identifiers assigned by classification can be chosen to match connection identifiers used by the underlying network. Doing so makes forwarding more efficient by eliminating one binding.

Forwarding In A Connectionless Network Route for flow determined when flow created Indexing used in place of route lookup Flow identifier corresponds to index of entry in forwarding cache Forwarding cache must be changed when route changes

Second Generation Network Systems Designed for greater scale Use classification instead of demultiplexing Decentralized architecture – Additional computational power on each NIC – NIC implements classification and forwarding High-speed internal interconnection mechanism – Interconnects NICs – Provides fast data path

Illustration Of Second Generation Network Systems Architecture

Classification And Forwarding Chips Sold by vendors Implement hardware classification and forwarding Typical configuration: rule sets given in ROM

QUESTION ？